mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-08 03:10:48 +02:00
9393d62591
Replace the liboqs-based pre-standardization SPHINCS+ implementation with the native FIPS 205 SLH-DSA implementation across the certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test certificates plus TLS 1.3 .conf scenarios that exercise the new verification path. All liboqs SPHINCS+ code is removed. This enables SLH-DSA for certificate chain authentication: CA certificates signed with SLH-DSA, certificate signature verification against an SLH-DSA root. TLS 1.3 entity authentication via CertificateVerify with SLH-DSA will be added in a follow-up PR. Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families across all twelve standardized variants. DER codec: - New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer, PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing 4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants. - PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode and wc_Dilithium_PublicKeyDecode so callers (notably wolfssl_x509_make_der and ConfirmSignature, which pass the raw BIT STRING contents stashed by StoreKey) decode correctly. Honours the caller's *inOutIdx start offset. - Error paths in Private/PublicKeyDecode preserve params/flags/ inOutIdx and only ForceZero the buffer half each helper actually writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched). - ImportPublic uses |= on flags so a Private-then-Public import sequence retains FLAG_PRIVATE. OID dispatch: - 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The pre-standardization OID-collision mechanism is removed since NIST OIDs do not collide. - wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN (rather than -1) for recognised SLH-DSA OIDs whose parameter set isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch surfaces this as a precise diagnostic instead of the generic "No public key found". - wc_GetKeyOID picks a placeholder parameter from whatever variant is compiled in and #errors at compile time if none is. - asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes alongside SHAKE. Tests and fixtures: - Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44 entity keys (server + client), plus the gen script (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5). - New TLS 1.3 .conf scenarios under tests/suites.c dispatch: test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a wrong-CA negative test test-tls13-slhdsa-fail.conf. - DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der fixtures regenerated with wolfSSL's own encoder so the codec is pinned to RFC 9909. - New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw PublicKeyDecode entry point that wolfssl_x509_make_der relies on. - test_wc_slhdsa_check_key now tests both Public-then-Private and Private-then-Public import orderings. Build / ABI: - DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107). - All build system / IDE project files updated; SPHINCS+ sources, headers, and test data removed. - Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and certs_test.h; the .der files on disk drive the decode tests.
251 lines
11 KiB
Plaintext
251 lines
11 KiB
Plaintext
# vim:ft=automake
|
|
# All paths should be given relative to the root
|
|
|
|
nobase_include_HEADERS+= \
|
|
wolfssl/wolfcrypt/aes.h \
|
|
wolfssl/wolfcrypt/arc4.h \
|
|
wolfssl/wolfcrypt/ascon.h \
|
|
wolfssl/wolfcrypt/asn.h \
|
|
wolfssl/wolfcrypt/asn_public.h \
|
|
wolfssl/wolfcrypt/poly1305.h \
|
|
wolfssl/wolfcrypt/camellia.h \
|
|
wolfssl/wolfcrypt/cmac.h \
|
|
wolfssl/wolfcrypt/wc_she.h \
|
|
wolfssl/wolfcrypt/coding.h \
|
|
wolfssl/wolfcrypt/compress.h \
|
|
wolfssl/wolfcrypt/des3.h \
|
|
wolfssl/wolfcrypt/dh.h \
|
|
wolfssl/wolfcrypt/dsa.h \
|
|
wolfssl/wolfcrypt/ecc.h \
|
|
wolfssl/wolfcrypt/curve25519.h \
|
|
wolfssl/wolfcrypt/ed25519.h \
|
|
wolfssl/wolfcrypt/fe_operations.h \
|
|
wolfssl/wolfcrypt/ge_operations.h \
|
|
wolfssl/wolfcrypt/curve448.h \
|
|
wolfssl/wolfcrypt/ed448.h \
|
|
wolfssl/wolfcrypt/falcon.h \
|
|
wolfssl/wolfcrypt/dilithium.h \
|
|
wolfssl/wolfcrypt/fe_448.h \
|
|
wolfssl/wolfcrypt/ge_448.h \
|
|
wolfssl/wolfcrypt/eccsi.h \
|
|
wolfssl/wolfcrypt/sakke.h \
|
|
wolfssl/wolfcrypt/error-crypt.h \
|
|
wolfssl/wolfcrypt/fips_test.h \
|
|
wolfssl/wolfcrypt/hash.h \
|
|
wolfssl/wolfcrypt/hmac.h \
|
|
wolfssl/wolfcrypt/hpke.h \
|
|
wolfssl/wolfcrypt/kdf.h \
|
|
wolfssl/wolfcrypt/integer.h \
|
|
wolfssl/wolfcrypt/md2.h \
|
|
wolfssl/wolfcrypt/md4.h \
|
|
wolfssl/wolfcrypt/md5.h \
|
|
wolfssl/wolfcrypt/misc.h \
|
|
wolfssl/wolfcrypt/pkcs7.h \
|
|
wolfssl/wolfcrypt/wc_encrypt.h \
|
|
wolfssl/wolfcrypt/wc_port.h \
|
|
wolfssl/wolfcrypt/pwdbased.h \
|
|
wolfssl/wolfcrypt/chacha.h \
|
|
wolfssl/wolfcrypt/chacha20_poly1305.h \
|
|
wolfssl/wolfcrypt/random.h \
|
|
wolfssl/wolfcrypt/wolfentropy.h \
|
|
wolfssl/wolfcrypt/rng_bank.h \
|
|
wolfssl/wolfcrypt/ripemd.h \
|
|
wolfssl/wolfcrypt/rsa.h \
|
|
wolfssl/wolfcrypt/rc2.h \
|
|
wolfssl/wolfcrypt/settings.h \
|
|
wolfssl/wolfcrypt/sha256.h \
|
|
wolfssl/wolfcrypt/sha512.h \
|
|
wolfssl/wolfcrypt/sha.h \
|
|
wolfssl/wolfcrypt/signature.h \
|
|
wolfssl/wolfcrypt/blake2.h \
|
|
wolfssl/wolfcrypt/blake2-int.h \
|
|
wolfssl/wolfcrypt/blake2-impl.h \
|
|
wolfssl/wolfcrypt/tfm.h \
|
|
wolfssl/wolfcrypt/srp.h \
|
|
wolfssl/wolfcrypt/types.h \
|
|
wolfssl/wolfcrypt/visibility.h \
|
|
wolfssl/wolfcrypt/logging.h \
|
|
wolfssl/wolfcrypt/memory.h \
|
|
wolfssl/wolfcrypt/mpi_class.h \
|
|
wolfssl/wolfcrypt/mpi_superclass.h \
|
|
wolfssl/wolfcrypt/mem_track.h \
|
|
wolfssl/wolfcrypt/wolfevent.h \
|
|
wolfssl/wolfcrypt/pkcs12.h \
|
|
wolfssl/wolfcrypt/wolfmath.h \
|
|
wolfssl/wolfcrypt/sha3.h \
|
|
wolfssl/wolfcrypt/siphash.h \
|
|
wolfssl/wolfcrypt/cpuid.h \
|
|
wolfssl/wolfcrypt/cryptocb.h \
|
|
wolfssl/wolfcrypt/wc_mlkem.h \
|
|
wolfssl/wolfcrypt/sm2.h \
|
|
wolfssl/wolfcrypt/sm3.h \
|
|
wolfssl/wolfcrypt/sm4.h \
|
|
wolfssl/wolfcrypt/wc_lms.h \
|
|
wolfssl/wolfcrypt/wc_xmss.h \
|
|
wolfssl/wolfcrypt/wc_slhdsa.h \
|
|
wolfssl/wolfcrypt/puf.h \
|
|
wolfssl/wolfcrypt/oid_sum.h
|
|
|
|
noinst_HEADERS+= \
|
|
wolfssl/wolfcrypt/port/aria/aria-crypt.h \
|
|
wolfssl/wolfcrypt/port/aria/aria-cryptocb.h \
|
|
wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \
|
|
wolfssl/wolfcrypt/port/ti/ti-hash.h \
|
|
wolfssl/wolfcrypt/port/ti/ti-ccm.h \
|
|
wolfssl/wolfcrypt/port/nrf51.h \
|
|
wolfssl/wolfcrypt/port/nxp/ksdk_port.h \
|
|
wolfssl/wolfcrypt/port/nxp/dcp_port.h \
|
|
wolfssl/wolfcrypt/port/xilinx/xil-sha3.h \
|
|
wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h \
|
|
wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h \
|
|
wolfssl/wolfcrypt/port/caam/caam_driver.h \
|
|
wolfssl/wolfcrypt/port/caam/caam_error.h \
|
|
wolfssl/wolfcrypt/port/caam/caam_qnx.h \
|
|
wolfssl/wolfcrypt/port/silabs/silabs_aes.h \
|
|
wolfssl/wolfcrypt/port/silabs/silabs_ecc.h \
|
|
wolfssl/wolfcrypt/port/silabs/silabs_hash.h \
|
|
wolfssl/wolfcrypt/port/silabs/silabs_random.h \
|
|
wolfssl/wolfcrypt/port/st/stm32.h \
|
|
wolfssl/wolfcrypt/port/st/stsafe.h \
|
|
wolfssl/wolfcrypt/port/tropicsquare/tropic01.h \
|
|
wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h \
|
|
wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \
|
|
wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h \
|
|
wolfssl/wolfcrypt/port/arm/cryptoCell.h \
|
|
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h \
|
|
wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h \
|
|
wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h \
|
|
wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
|
|
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
|
|
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
|
|
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h \
|
|
wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \
|
|
wolfssl/wolfcrypt/port/maxim/max3266x.h \
|
|
wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h \
|
|
wolfssl/wolfcrypt/port/rpi_pico/pico.h \
|
|
wolfssl/wolfcrypt/libwolfssl_sources.h \
|
|
wolfssl/wolfcrypt/libwolfssl_sources_asm.h
|
|
|
|
|
|
if BUILD_CRYPTOAUTHLIB
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/atmel/atmel.h
|
|
endif
|
|
|
|
if BUILD_AFALG
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/af_alg/afalg_hash.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/af_alg/wc_afalg.h
|
|
endif
|
|
|
|
if BUILD_KCAPI
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h
|
|
endif
|
|
|
|
if BUILD_DEVCRYPTO
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
|
|
endif
|
|
|
|
if BUILD_ARIA
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/aria/aria-crypt.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
|
|
endif
|
|
|
|
if BUILD_LIBOQS
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/liboqs/liboqs.h
|
|
endif
|
|
|
|
if BUILD_ASYNCCRYPT
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/async.h
|
|
endif
|
|
|
|
if BUILD_PKCS11
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/wc_pkcs11.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/pkcs11.h
|
|
endif
|
|
|
|
if BUILD_CAVIUM
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
|
|
endif
|
|
|
|
if BUILD_OCTEON_SYNC
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h
|
|
endif
|
|
|
|
if BUILD_INTEL_QA
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/intel/quickassist.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/intel/quickassist_mem.h
|
|
endif
|
|
|
|
if BUILD_INTEL_QA_SYNC
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/intel/quickassist_sync.h
|
|
endif
|
|
|
|
if BUILD_SP
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/sp.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/sp_int.h
|
|
else
|
|
if BUILD_SP_INT
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/sp_int.h
|
|
endif
|
|
endif
|
|
|
|
if BUILD_SELFTEST
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/selftest.h
|
|
endif
|
|
|
|
if BUILD_FIPS
|
|
if !BUILD_FIPS_V1
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/fips.h
|
|
endif
|
|
endif
|
|
|
|
if BUILD_CAAM
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/caam/wolfcaam.h \
|
|
wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h \
|
|
wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h \
|
|
wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h \
|
|
wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h \
|
|
wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h \
|
|
wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h \
|
|
wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h \
|
|
wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h \
|
|
wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h \
|
|
wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h
|
|
endif
|
|
|
|
if BUILD_IOTSAFE
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/iotsafe/iotsafe.h
|
|
endif
|
|
|
|
if BUILD_PSA
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/psa/psa.h
|
|
endif
|
|
|
|
if BUILD_SE050
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/nxp/se050_port.h
|
|
endif
|
|
|
|
if BUILD_TROPIC01
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/tropicsquare/tropic01.h
|
|
endif
|
|
|
|
if BUILD_MAXQ10XX
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/maxim/maxq10xx.h
|
|
endif
|
|
|
|
if BUILD_AUTOSAR
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/Csm.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/CryIf.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/Crypto.h
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/autosar/StandardTypes.h
|
|
endif
|
|
|
|
if BUILD_RISCV_ASM
|
|
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h
|
|
endif
|
|
|